- Duration: 2 days
- Skill-level: Foundation-level Real-World Cryptography skills for Intermediate skilled team members. This is not a basic class.
- Targeted Audience: This course is geared for those who want to use applied cryptographic techniques to understand and apply security at every level of their systems and applications.
- Hands-on Learning: This course is approximately 50% hands-on lab to 50% lecture ratio, combining engaging lecture, demos, group activities and discussions with machine-based student labs and exercises. Student machines are required.
- Delivery Format: This course is available for onsite private classroom presentation.
- Customizable: This course may be tailored to target your specific training skills objectives, tools of choice and learning goals.
Real-World Cryptography helps you understand the cryptographic techniques at work in common tools, frameworks, and protocols so you can make excellent security choices for your systems and applications. There’s no unnecessary theory or jargon—just the most up-to-date techniques you’ll need in your day-to-day work as a developer or systems administrator. Cryptography expert David Wong takes you hands-on with cryptography building blocks such as hash functions and key exchanges, then shows you how to use them as part of your security protocols and applications. Alongside modern methods, the course also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, password-authenticated key exchange, and post-quantum cryptography. Throughout, all techniques are fully illustrated with diagrams and real-world use cases so you can easily see how to put them into practice.
Working in a hands-on learning environment, led by our Real-World Cryptography expert instructor, students will learn about and explore:
- Why almost all IT infrastructure would be vulnerable without cryptographic techniques that allow for easy encrypting and decrypting of data
- Explore how cryptography protects privacy, secures online activity, and defends confidential information, such as credit cards, from attackers and thieves
Topics Covered: This is a high-level list of topics covered in this course. Please see the detailed Agenda below.
- Best practices for using cryptography
- Diagrams and explanations of cryptographic algorithms
- Identifying and fixing cryptography bad practices in applications
- Picking the right cryptographic tool to solve problems
Audience & Pre-Requisites
This course is geared for cryptography beginners with no previous experience in the field.
Pre-Requisites: Students should have
- Basic to Intermediate IT Skills
- Good foundational mathematics or logic skills
- No previous experience is required in this field
- Basic Linux skills, including familiarity with command-line options such as ls, cd, cp, and su
Course Agenda / Topics
- Real-World Cryptography
  - A Peek into the World of Cryptography
  - Real World Cryptography
  - A Word of Warning
- Hash Functions
  - What Is a Hash Function?
  - Security Properties of a Hash Function
  - Security Considerations for Hash Functions
  - Hash Functions in practice
  - Standardized Hash Functions
  - Hashing Passwords
- Message Authentication Codes
  - What Is a Message Authentication Code?
  - Security Properties of a Message Authentication Code
  - MAC in the real world
  - Message Authentication Codes in Practice
  - Attack of the Ch: SHA-2 and Length-Extension Attacks
- Authenticated Encryption
  - What Is a Cipher?
  - Symmetric Encryption in the Real World
  - The AES-CBC-HMAC Encryption Algorithm
  - Authenticated Encryption with Associated Data (AEAD)
  - Key Wrapping and Nonce-Misuse Resistance
  - A Map of Authenticated Encryption
  - Other Kinds of Symmetric Encryption
- Key Exchanges
  - What is a Key Exchange?
  - Key Exchange Standards
- Asymmetric Encryption and Hybrid Encryption
  - What is Asymmetric Encryption?
  - Asymmetric Encryption in Practice and Hybrid Encryption
  - Standards for Asymmetric Encryption and Hybrid Encryption
  - Attack of the Ch: RSA PKCS#1 v1.5
  - Asymmetric Encryption with RSA-OAEP
  - Hybrid Encryption with ECIES
- Digital Signatures
  - What is a Digital Signature?
  - Security Properties and Considerations
  - Digital Signature Standards
- Randomness and Secrets
  - What is Randomness?
  - What is a Pseudo-Random Number Generator (PRNG)?
  - Obtaining Randomness in Practice
  - Randomness Generation and Security Considerations
  - Public Randomness
  - Key Derivation With HKDF
  - Managing Keys and Secrets
  - Avoiding Key Management, Or How to Split Trust
- Secure Transport (Session Encryption)
  - What is SSL/TLS?
  - How Does TLS Work?
  - The State of the Encrypted Web Today
  - Other Secure Transport Protocols